Re: [PATCH 0/5] tracing/syscalls: Add filtering support
From: Frederic Weisbecker
Date: Wed Aug 19 2009 - 10:55:52 EST
On Wed, Aug 19, 2009 at 03:51:50PM +0800, Li Zefan wrote:
> This patchset adds filtering support for syscall events
>
> For syscall enter events, we can do filtering on syscall
> parameters, and for exit events, filter on syscall return
> value.
>
> For example, we set 'mode == 0666' (0666 == 0x1b6) to
> sys_enter_open, and set 'ret == 0' to sys_exit_open,
> and here's the output:
>
> # echo 'mode == 0666' > events/syscalls/sys_enter_open
> # echo 'ret == 0' > events/syscalls/sys_exit_open
> # echo 1 > events/syscalls/sys_enter_open
> # echo 1 > events/syscalls/sys_exit_open
> # cat trace
> ...
> modprobe-3084 [001] 117.463140: sys_open(filename: 917d3e8, flags: 0, mode: 1b6)
> modprobe-3084 [001] 117.463176: sys_open -> 0x0
> less-3086 [001] 117.510455: sys_open(filename: 9c6bdb8, flags: 8000, mode: 1b6)
> sendmail-2574 [001] 122.145840: sys_open(filename: b807a365, flags: 0, mode: 1b6)
> ...
Nice! Thanks!
>
> [PATCH 1/5] tracing/syscalls: Fix fields format for enter events
> [PATCH 2/5] tracing/syscalls: Add fields format for exit events
> [PATCH 3/5] tracing/events: Add ftrace_event_call param to define_fields()
> [PATCH 4/5] tracing/events: Add trace_define_common_fields()
> [PATCH 5/5] tracing/syscalls: Add filtering support
> ---
> include/linux/ftrace_event.h | 15 ++----
> include/linux/syscalls.h | 19 +++++--
> include/trace/ftrace.h | 11 ++---
> include/trace/syscall.h | 13 ++++-
> kernel/trace/trace_events.c | 29 +++++++++-
> kernel/trace/trace_export.c | 13 ++---
> kernel/trace/trace_syscalls.c | 120 +++++++++++++++++++++++++++++++----------
> 7 files changed, 156 insertions(+), 64 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/